Vulnerabilities > Dpdk > Data Plane Development KIT > 17.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-31 | CVE-2022-2132 | A permissive list of allowed inputs flaw was found in DPDK. | 8.6 |
| 2022-08-23 | CVE-2021-3839 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the vhost library in DPDK. | 7.5 |
| 2020-05-20 | CVE-2020-10726 | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in DPDK versions 19.11 and above. | 4.4 |
| 2020-05-20 | CVE-2020-10725 | Improper Initialization vulnerability in multiple products A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. | 7.7 |
| 2020-05-19 | CVE-2020-10724 | Out-of-bounds Read vulnerability in multiple products A vulnerability was found in DPDK versions 18.11 and above. | 4.4 |
| 2020-05-19 | CVE-2020-10722 | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in DPDK versions 18.05 and above. | 6.7 |
| 2019-11-14 | CVE-2019-14818 | Memory Leak vulnerability in multiple products A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. | 7.5 |
| 2018-04-24 | CVE-2018-1059 | Information Exposure vulnerability in multiple products The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. | 2.9 |